With the expansion of internet services and computer technology, particularly in the social media and financial services space, there has been a growth in financial and identity fraud across a wide range of areas. It has become extremely easy to produce counterfeit or altered documents using easily accessible, cheap home computers and printers, for example. Whilst there are various manual processes and electronic methods that have been put in place to attempt to detect these frauds, they are either extremely labour intensive and thus expensive or require significant expensive changes to virtually all trusted systems of all relevant providers. Some illustrative examples of the problems posed are:                1. A user registers with an online dating site, puts in various details that purport to describe the person. A second user is matched to that person through the dating site algorithms. The two users agree to meet. The users have no way of knowing until they physically meet, that the details about the other person are correct including the most important detail i.e. is the name in the system their true name.        2. A user registers on a social media site such as Facebook. They choose to register under a name that is not theirs but instead choose to impersonate some other person. They are then accepted as a “friend” by all those that know the person being impersonated. This is very dangerous as the people simply accept their “friend” into their private circle and have no way of reliably validating their identity. In an extreme case, recently in the US, a person who met with their imposter “friend” was murdered by that person.        3. “Twitter”™ is a communications channel whereby people sign up as a particular person or company representative and other members who either know or are interested in reading their comments (“tweets”) then choose to “follow” them. The followers typically have no way of verifying the identity of the person they are “following” so cannot tell if the person is an imposter. This lack of verification can lead to serious consequences if a user is impersonating a significant/famous/respected person or company. There have been numerous cases of people fraudulently producing “tweets” whilst impersonating someone else. Such fraudulent “tweets” can e.g. cause dislocation in financial markets if e.g. a “tweet” from a supposedly “trusted” source posts false information regarding market sensitive financial or other data relating to a company or country. E.g. a post that a key founder in a company has died can cause shares to be sold in the company in fractions of a second driven by high frequency trade algorithms run by major institutions that automatically react to headlines.        4. In the financial sphere, if a person wishes to e.g. apply for a loan either online or offline, the provider of the loan will require the applicant to provide proof of identity. Due to the ease of document fraud and manipulation, it is not possible for the provider to accept e.g. an emailed document or copy of their passport/driver's license/bank statement etc. Typically they therefore require the applicant to produce those documents at a physical branch in person where the photo can be compared to the person supplying the documents and the physical original documents can be sighted and handled to minimize the chance that they are fraudulent.        
The above are just some examples of the problems which could be addressed if a convenient and reliable system and method for certifying information associated with a person, such as a person's identity, could be implemented. There are also many other examples and applications where it would be useful and important to be able to provide verified information about a person.
There are trusted entities such as financial institutions who by law are required to “know their customer” before allowing the user to open an account. These and other institutions e.g. government agencies, therefore ensure that significant checks are in place before accepting a customer's identity. It follows, therefore, that the identity of a user who has an account with such a trusted entity is known to an extremely high level of certainty. Any other information about the user or associated with the user which may be stored by that trusted entity is also likely to have a high level of certainty that the information is correct.
If access could be allowed to this “trusted information” by somebody who wishes to obtain trusted information associated with a person (e.g. to verify their identity), then this may be sufficient verification for the relying party. Such trusted entities as financial institutions, government agencies and others, however, have strict security and privacy requirements and will not allow third parties, such as people who wish to obtain information about an account holder, access to their systems. Further, without the implementation of expensive processes and infrastructure, the trusted entities will not provide certified trusted information to the third parties. It is impractical for them to do so.
A person who has the information associated with them stored at the trusted entity can access their account and obtain the information. They could then forward that information onto a relying party. The relying party, however, could not be certain that the information forwarded by the person was not tampered with or changed, or was genuinely from the trusted entity. In all currently known systems whereby the data is retrieved by the person on their client device manually or through using any known and/or available software, there is no way of guaranteeing that the data that is ultimately forwarded to the relying party has not been modified. This is due to the fact that the data and/or software is exposed to the person accessing their account. Client based software may attempt to obscure, encrypt or hide the data from the user to make it more difficult for the user to modify it before it is sent to the relying party, but the fundamental issue remains that anything that passes through the user's hands could be manipulated by the user. Consequently, whilst software is available that automate the retrieval process on the user's client device which obscures, encrypts, signs and transmits the retrieved data to relying parties, such software achieves the privacy goals but not the tamperproof goals.
Relying parties currently have to choose between three non-satisfactory solutions:                a. a server side solution which guarantees data has not been tampered with by the user but requires the user to give up their privacy and credentials to a 3rd party (and many trusted entities, such as financial institutions, will not allow this);        b. An automated client solution which ensures user privacy and non-disclosure of credentials but cannot guarantee data has not been modified by the client.        c. All trusted parties changing their online systems and signing data prior to the data being given to the client (this is impractical, many trusted entities have no incentive to do this).        